a man reading an Acceptable use policy - Essential Data Corporation

An Acceptable Use Policy (AUP) is a type of regulation that employees must follow within their company’s internet use. This document specifies practices and responsibilities which the user of the network must follow and agree to when using the web. If a worker violates these policies, they can face revocation of access to the internet.

Every business and educational facility user must adhere to the code of conduct laid out in their AUP. Strict Cybersecurity documentation and guidelines exist to protect businesses against data breaches and malware threats.

These policies include, for example:

  • Company internet guidelines specify business use only 
  • E-mail spamming breaches the code of conduct
  • Mail bombing in order to block the server violates the regulations
  • Network use for illegal file downloading infringes on acceptable use policy 

Users must report any suspicious activity, such as compromised credentials or unauthorized access of company data.

Why are Acceptable Use Policies so Important?

Simply put, if your business uses internet access, you will need an AUP to increase your company’s network protection.

AUPs are essential guidelines for your business that provide protection against lawsuits. These policies shield your business from legal action—caused by, for instance, an employee’s negligent internet actions.

Employees’ internet activity, such as visiting illegal sites, can introduce malware and expose the company’s network. Moreover, accidental copying of data into a storage cloud can lead to leaked private organization data. As a result, these infringements can make the company prone to lawsuits. Businesses affected by this negligence can pursue legal action for the violation of acceptable use policy regulations. The threat of legal action on its own could also further discourage employees from violating AUP regulations.

Other user actions that violate the guidelines include such acts as video streaming from a legal site. Although seemingly harmless because it is a legitimate site, it nevertheless violates the code of conduct. If this were allowed to go unpunished, it would set a bad precedent, causing others to believe that they can recklessly use the company’s networks for anything without punishment.

Why do Companies have Acceptable Use Policies?

Acceptable use policies are a fundamental part of information security and a document that can render proof of “due diligence.” These regulations provide safety for the network and protect sensitive customer data in the event of regulatory breach audits. The regulations can also protect a company’s brand from reputation damage caused by a data breach. 

The actions of consumers, vendors, contractors, and employees could pose a risk to your organization. The main purpose of AUP regulations is to safeguard your business from damage by anyone with access to your systems.

Acceptable use policies cover unintentional and intentional actions on the part of users. Most importantly, it is critical for users to know that the policies monitor their activity, so they can be held responsible for their internet actions. As previously mentioned, this awareness alone may deter its users from proceeding with illegal internet activities and encourage them to respect the code of conduct. In addition, it is important the intended clientele understands the instructions for the guidelines. This helps to ensure that they know what they can and cannot do with an organization’s network, so that they do not mistakenly cause problems.

Because the policies apply to everyone in the organization — with no exceptions — this applies to upper management position leaders as well. Any member of a company – regardless of position or responsibilities – could potentially cause severe problems for the company if they are careless when using the internet.

In addition, users with legal access can help to report suspicious activities beforehand. Doing so can both help to prevent problems such as data breaches before they happen and end them before they become worse for the organization.

What is an Acceptable Technology Use Policy?

Businesses benefit from acceptable technology use policies in addition to standard AUPs. These policies can protect a company or institution from expected future problems. The term acceptable technology use policy refers to an AUP that covers and regulates the use of technology beyond a company’s computers and network. Acceptable technology use policies are most often used by educational institutions such as schools.

An AUP can protect your organization from threats that could come from, for example, a terminated employee attempting to retaliate. Also, employees should have limited access to some sites.

When putting these regulations in place, there has to be a balance. Extreme limitations prohibiting access to the internet for a mental break, such as checking personal email, can affect companies’ employee retention and morale. Therefore, businesses should make some allowances for workers to more freely use the internet. This could be integrated into a company’s AUP by including a list of what sorts of internet functions, actions, and websites employees are allowed to use the company’s computers and technology for.

What is Strictly Prohibited as per the Acceptable Use Policy?

AUP access is strictly for lawful purposes. The user is liable for any data received, sent, and stored. Most importantly, the material is subject to regulations.

Strict prohibitions which are illegal if violated include, for example:

  • Transmission of protected trademark and copyright data
  • Patenting property rights without permission
  • Transmission of confidential material posing a threat
  • Unauthorized access to systems to monitor network data
  • Posting material for libel, defamation, and threats 
  • Breach of any security or measures used by the system

Acceptable use policy prohibitions highlight not attempting to infringe on the security of any system and network. Most importantly, posting commercial messages and e-mail spamming violates the policies.

What to Know to Write Acceptable Use Policies

With the importance and usefulness of acceptable use policies clearly established, there are some important guidelines, elements, and hints you should take into consideration when writing an AUP yourself.

5 Guidelines to Follow When Writing Acceptable Use Policies

  1. Create real-life scenarios regarding the kinds of technology the acceptable use policy covers
  1. Clarify with employees the reason for the AUP and why it is important to comply with it
  1. Explain the consequences of a violation of the code of conduct
  1. Use general and clear vocabulary that is easy for anyone to understand when writing these guidelines 
  1. Updating acceptable use policies is essential to ensure no outdated technology is being used

Some organizations may reference acceptable technology use policies for the workplace. However, other businesses might not do so. Instead, they might rely on other documentation and regulations to ensure that their technology is used the way they intend it to be.

 

acceptable use policy for business-Essential Data Corporation; a pen on top of a notebook resting on a table

What are the 6 key elements of AUP?

The administrator of the network implements acceptable use policy regulations. It is the user’s responsibility to follow the guidelines as the administrator sets them. For the most part, the specific elements and regulations can vary between different AUPs. However, there are some elements that most, if not all, acceptable use policies should include.

The National Education Association suggests 6 key elements to the AUP code of conduct.

The Six Acceptable Use Policy Key elements Are…

  • The Preamble is a key element that describes AUP goals covered and not covered in the computer systems. For example, in an educational institution, it translates the conditions that students can use the network and the regulations. The preamble designates proper use of computer services by its users.
  • The Definition Section clarifies the policies in simple words. This confirms that the users of the network can understand the language and terminology used by the Acceptable Use Policies.
  • The Policy Statement explains the computer services protected by the Acceptable Use Policy. This key element summarizes the guidelines under which users have access to the network. For instance, in educational institutions, students will have access to the network according to the task they will perform on the computer. In that case, it will be a class project and homework.  
  • An Acceptable Uses Section defines the code of conduct to be followed when using the computer network according to the AUP. An example of this is found in learning centers. In this example, the acceptable uses section will limit students to accessing the computer network for educational purposes only. Similarly to employees, they will have limited access to the workstation network for work-related tasks.
  • An Unacceptable Uses Section specifies what is acceptable and unacceptable under the Acceptable Use Policy. The unacceptable uses section element defines the code of conduct. In addition, it monitors what users send and receive through the network.

Summing Up…

An Acceptable Use Policy is essential for all educational institutions and businesses. Users in these facilities can expose the network to cyber threats when they are on the internet, potentially without even intending to. Therefore, an acceptable use policy provides a degree of safety and deterrence against cyber breaches by making sure users know what they cannot use the network for. However, users must agree to, and sign the agreements. This is similar to when you sign onto the internet in your home, where you must agree to a set of guidelines.

Essential Data Corporation Is Here To Take Your Project To The Next Level

EDC’s professional writers have years of experience producing both technical and nontechnical material and documentation for many businesses including manufacturing, software, e-learning companies, and many other businesses.

Whether you need a single technical writer for a brief project, or a team of consultants to produce a complete line of documentation, the quality of our work is guaranteed for you. Our clients work closely with an Engagement Manager from one of our 30 local offices for the entire length of your project at no additional cost. Contact us at (800) 221-0093 or sales@edc.us